diff options
| -rw-r--r-- | fs/ecryptfs/crypto.c | 66 | ||||
| -rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 4 | ||||
| -rw-r--r-- | fs/ecryptfs/keystore.c | 19 | ||||
| -rw-r--r-- | fs/ecryptfs/main.c | 13 |
4 files changed, 24 insertions, 78 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index ed35a9712fa1..82e7d02cefae 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
| @@ -1573,35 +1573,26 @@ out: | |||
| 1573 | 1573 | ||
| 1574 | /** | 1574 | /** |
| 1575 | * ecryptfs_process_cipher - Perform cipher initialization. | 1575 | * ecryptfs_process_cipher - Perform cipher initialization. |
| 1576 | * @tfm: Crypto context set by this function | ||
| 1577 | * @key_tfm: Crypto context for key material, set by this function | 1576 | * @key_tfm: Crypto context for key material, set by this function |
| 1578 | * @cipher_name: Name of the cipher. | 1577 | * @cipher_name: Name of the cipher |
| 1579 | * @key_size: Size of the key in bytes. | 1578 | * @key_size: Size of the key in bytes |
| 1580 | * | 1579 | * |
| 1581 | * Returns zero on success. Any crypto_tfm structs allocated here | 1580 | * Returns zero on success. Any crypto_tfm structs allocated here |
| 1582 | * should be released by other functions, such as on a superblock put | 1581 | * should be released by other functions, such as on a superblock put |
| 1583 | * event, regardless of whether this function succeeds for fails. | 1582 | * event, regardless of whether this function succeeds for fails. |
| 1584 | */ | 1583 | */ |
| 1585 | int | 1584 | int |
| 1586 | ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, | 1585 | ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name, |
| 1587 | char *cipher_name, size_t key_size) | 1586 | size_t *key_size) |
| 1588 | { | 1587 | { |
| 1589 | char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; | 1588 | char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; |
| 1590 | int rc; | 1589 | int rc; |
| 1591 | 1590 | ||
| 1592 | *tfm = *key_tfm = NULL; | 1591 | *key_tfm = NULL; |
| 1593 | if (key_size > ECRYPTFS_MAX_KEY_BYTES) { | 1592 | if (*key_size > ECRYPTFS_MAX_KEY_BYTES) { |
| 1594 | rc = -EINVAL; | 1593 | rc = -EINVAL; |
| 1595 | printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum " | 1594 | printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum " |
| 1596 | "allowable is [%d]\n", key_size, ECRYPTFS_MAX_KEY_BYTES); | 1595 | "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES); |
| 1597 | goto out; | ||
| 1598 | } | ||
| 1599 | *tfm = crypto_alloc_tfm(cipher_name, (ECRYPTFS_DEFAULT_CHAINING_MODE | ||
| 1600 | | CRYPTO_TFM_REQ_WEAK_KEY)); | ||
| 1601 | if (!(*tfm)) { | ||
| 1602 | rc = -EINVAL; | ||
| 1603 | printk(KERN_ERR "Unable to allocate crypto cipher with name " | ||
| 1604 | "[%s]\n", cipher_name); | ||
| 1605 | goto out; | 1596 | goto out; |
| 1606 | } | 1597 | } |
| 1607 | *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY); | 1598 | *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY); |
| @@ -1611,46 +1602,13 @@ ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, | |||
| 1611 | "[%s]\n", cipher_name); | 1602 | "[%s]\n", cipher_name); |
| 1612 | goto out; | 1603 | goto out; |
| 1613 | } | 1604 | } |
| 1614 | if (key_size < crypto_tfm_alg_min_keysize(*tfm)) { | 1605 | if (*key_size == 0) |
| 1615 | rc = -EINVAL; | 1606 | *key_size = crypto_tfm_alg_max_keysize(*key_tfm); |
| 1616 | printk(KERN_ERR "Request key size is [%Zd]; minimum key size " | 1607 | get_random_bytes(dummy_key, *key_size); |
| 1617 | "supported by cipher [%s] is [%d]\n", key_size, | 1608 | rc = crypto_cipher_setkey(*key_tfm, dummy_key, *key_size); |
| 1618 | cipher_name, crypto_tfm_alg_min_keysize(*tfm)); | ||
| 1619 | goto out; | ||
| 1620 | } | ||
| 1621 | if (key_size < crypto_tfm_alg_min_keysize(*key_tfm)) { | ||
| 1622 | rc = -EINVAL; | ||
| 1623 | printk(KERN_ERR "Request key size is [%Zd]; minimum key size " | ||
| 1624 | "supported by cipher [%s] is [%d]\n", key_size, | ||
| 1625 | cipher_name, crypto_tfm_alg_min_keysize(*key_tfm)); | ||
| 1626 | goto out; | ||
| 1627 | } | ||
| 1628 | if (key_size > crypto_tfm_alg_max_keysize(*tfm)) { | ||
| 1629 | rc = -EINVAL; | ||
| 1630 | printk(KERN_ERR "Request key size is [%Zd]; maximum key size " | ||
| 1631 | "supported by cipher [%s] is [%d]\n", key_size, | ||
| 1632 | cipher_name, crypto_tfm_alg_min_keysize(*tfm)); | ||
| 1633 | goto out; | ||
| 1634 | } | ||
| 1635 | if (key_size > crypto_tfm_alg_max_keysize(*key_tfm)) { | ||
| 1636 | rc = -EINVAL; | ||
| 1637 | printk(KERN_ERR "Request key size is [%Zd]; maximum key size " | ||
| 1638 | "supported by cipher [%s] is [%d]\n", key_size, | ||
| 1639 | cipher_name, crypto_tfm_alg_min_keysize(*key_tfm)); | ||
| 1640 | goto out; | ||
| 1641 | } | ||
| 1642 | get_random_bytes(dummy_key, key_size); | ||
| 1643 | rc = crypto_cipher_setkey(*tfm, dummy_key, key_size); | ||
| 1644 | if (rc) { | ||
| 1645 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " | ||
| 1646 | "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc); | ||
| 1647 | rc = -EINVAL; | ||
| 1648 | goto out; | ||
| 1649 | } | ||
| 1650 | rc = crypto_cipher_setkey(*key_tfm, dummy_key, key_size); | ||
| 1651 | if (rc) { | 1609 | if (rc) { |
| 1652 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " | 1610 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " |
| 1653 | "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc); | 1611 | "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc); |
| 1654 | rc = -EINVAL; | 1612 | rc = -EINVAL; |
| 1655 | goto out; | 1613 | goto out; |
| 1656 | } | 1614 | } |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 872c9958531a..4112df9dec50 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
| @@ -473,8 +473,8 @@ ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 473 | unsigned char *src, struct dentry *ecryptfs_dentry); | 473 | unsigned char *src, struct dentry *ecryptfs_dentry); |
| 474 | int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); | 474 | int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); |
| 475 | int | 475 | int |
| 476 | ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, | 476 | ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name, |
| 477 | char *cipher_name, size_t key_size); | 477 | size_t *key_size); |
| 478 | int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); | 478 | int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); |
| 479 | int ecryptfs_inode_set(struct inode *inode, void *lower_inode); | 479 | int ecryptfs_inode_set(struct inode *inode, void *lower_inode); |
| 480 | void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode); | 480 | void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode); |
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index ba454785a0c5..bc706d33559a 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
| @@ -493,19 +493,16 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
| 493 | goto out; | 493 | goto out; |
| 494 | } | 494 | } |
| 495 | } | 495 | } |
| 496 | if (password_s_ptr->session_key_encryption_key_bytes | ||
| 497 | < crypto_tfm_alg_min_keysize(tfm)) { | ||
| 498 | printk(KERN_WARNING "Session key encryption key is [%d] bytes; " | ||
| 499 | "minimum keysize for selected cipher is [%d] bytes.\n", | ||
| 500 | password_s_ptr->session_key_encryption_key_bytes, | ||
| 501 | crypto_tfm_alg_min_keysize(tfm)); | ||
| 502 | rc = -EINVAL; | ||
| 503 | goto out; | ||
| 504 | } | ||
| 505 | if (tfm_mutex) | 496 | if (tfm_mutex) |
| 506 | mutex_lock(tfm_mutex); | 497 | mutex_lock(tfm_mutex); |
| 507 | crypto_cipher_setkey(tfm, password_s_ptr->session_key_encryption_key, | 498 | rc = crypto_cipher_setkey(tfm, |
| 508 | crypt_stat->key_size); | 499 | password_s_ptr->session_key_encryption_key, |
| 500 | crypt_stat->key_size); | ||
| 501 | if (rc < 0) { | ||
| 502 | printk(KERN_ERR "Error setting key for crypto context\n"); | ||
| 503 | rc = -EINVAL; | ||
| 504 | goto out_free_tfm; | ||
| 505 | } | ||
| 509 | /* TODO: virt_to_scatterlist */ | 506 | /* TODO: virt_to_scatterlist */ |
| 510 | encrypted_session_key = (char *)__get_free_page(GFP_KERNEL); | 507 | encrypted_session_key = (char *)__get_free_page(GFP_KERNEL); |
| 511 | if (!encrypted_session_key) { | 508 | if (!encrypted_session_key) { |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 5938a232d11b..a65f4865182c 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
| @@ -208,7 +208,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) | |||
| 208 | char *cipher_name_dst; | 208 | char *cipher_name_dst; |
| 209 | char *cipher_name_src; | 209 | char *cipher_name_src; |
| 210 | char *cipher_key_bytes_src; | 210 | char *cipher_key_bytes_src; |
| 211 | struct crypto_tfm *tmp_tfm; | ||
| 212 | int cipher_name_len; | 211 | int cipher_name_len; |
| 213 | 212 | ||
| 214 | if (!options) { | 213 | if (!options) { |
| @@ -305,20 +304,12 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) | |||
| 305 | = '\0'; | 304 | = '\0'; |
| 306 | } | 305 | } |
| 307 | if (!cipher_key_bytes_set) { | 306 | if (!cipher_key_bytes_set) { |
| 308 | mount_crypt_stat->global_default_cipher_key_size = | 307 | mount_crypt_stat->global_default_cipher_key_size = 0; |
| 309 | ECRYPTFS_DEFAULT_KEY_BYTES; | ||
| 310 | ecryptfs_printk(KERN_DEBUG, "Cipher key size was not " | ||
| 311 | "specified. Defaulting to [%d]\n", | ||
| 312 | mount_crypt_stat-> | ||
| 313 | global_default_cipher_key_size); | ||
| 314 | } | 308 | } |
| 315 | rc = ecryptfs_process_cipher( | 309 | rc = ecryptfs_process_cipher( |
| 316 | &tmp_tfm, | ||
| 317 | &mount_crypt_stat->global_key_tfm, | 310 | &mount_crypt_stat->global_key_tfm, |
| 318 | mount_crypt_stat->global_default_cipher_name, | 311 | mount_crypt_stat->global_default_cipher_name, |
| 319 | mount_crypt_stat->global_default_cipher_key_size); | 312 | &mount_crypt_stat->global_default_cipher_key_size); |
| 320 | if (tmp_tfm) | ||
| 321 | crypto_free_tfm(tmp_tfm); | ||
| 322 | if (rc) { | 313 | if (rc) { |
| 323 | printk(KERN_ERR "Error attempting to initialize cipher [%s] " | 314 | printk(KERN_ERR "Error attempting to initialize cipher [%s] " |
| 324 | "with key size [%Zd] bytes; rc = [%d]\n", | 315 | "with key size [%Zd] bytes; rc = [%d]\n", |